projects / squirrelmail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 977a608)
fix for security exploit described in bug #812690 reported by Neal Krawetz
authorstekkel <stekkel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 25 Sep 2003 23:33:32 +0000 (23:33 +0000)
committerstekkel <stekkel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 25 Sep 2003 23:33:32 +0000 (23:33 +0000)
(hackerfactor)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@5774 7612ce4b-ef26-0410-bec9-ea0150e637f0

class/deliver/Deliver_SendMail.class.php patch | blob | blame | history

diff --git a/class/deliver/Deliver_SendMail.class.php b/class/deliver/Deliver_SendMail.class.php
index 57b17ad7d33c93bf2a7203035f7e51314b2a8750..2f62a97d34da3bfe54025cc7b373b3d70a9f3ac7 100644 (file)
--- a/class/deliver/Deliver_SendMail.class.php
+++ b/class/deliver/Deliver_SendMail.class.php
@@ -23,7 +23,7 @@ class Deliver_SendMail extends Deliver {
     function initStream($message, $sendmail_path) {
         $rfc822_header = $message->rfc822_header;
        $from = $rfc822_header->from[0];
-       $envelopefrom = $from->mailbox.'@'.$from->host;
+       $envelopefrom = trim($from->mailbox.'@'.$from->host);
        if (strstr($sendmail_path, "qmail-inject")) {
            $stream = popen (escapeshellcmd("$sendmail_path -i -f$envelopefrom"), "w");
        } else {
Unnamed repository; edit this file 'description' to name the repository.